Restructure Alliance Auth package (#867)

* Refactor allianceauth into its own package

* Add setup

* Add missing default_app_config declarations

* Fix timerboard namespacing

* Remove obsolete future imports

* Remove py2 mock support

* Remove six

* Add experimental 3.7 support and multiple Dj versions

* Remove python_2_unicode_compatible

* Add navhelper as local package

* Update requirements

allianceauth/services/modules/ips4/__init__.py

@@ -0,0 +1 @@
+default_app_config = 'allianceauth.services.modules.ips4.apps.Ips4ServiceConfig'

allianceauth/services/modules/ips4/admin.py

@@ -0,0 +1,9 @@
+from django.contrib import admin
+from .models import Ips4User
+
+
+class Ips4UserAdmin(admin.ModelAdmin):
+        list_display = ('user', 'username', 'id')
+        search_fields = ('user__username', 'username', 'id')
+
+admin.site.register(Ips4User, Ips4UserAdmin)

allianceauth/services/modules/ips4/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class Ips4ServiceConfig(AppConfig):
+    name = 'allianceauth.services.modules.ips4'
+    label = 'ips4'

allianceauth/services/modules/ips4/auth_hooks.py

@@ -0,0 +1,48 @@
+from django.conf import settings
+from django.template.loader import render_to_string
+
+from allianceauth import hooks
+from allianceauth.services.hooks import ServicesHook
+from .tasks import Ips4Tasks
+from .urls import urlpatterns
+
+
+class Ips4Service(ServicesHook):
+    def __init__(self):
+        ServicesHook.__init__(self)
+        self.name = 'ips4'
+        self.urlpatterns = urlpatterns
+        self.service_url = settings.IPS4_URL
+        self.access_perm = 'ips4.access_ips4'
+
+    @property
+    def title(self):
+        return 'IPS4'
+
+    def service_active_for_user(self, user):
+        return user.has_perm(self.access_perm)
+
+    def render_services_ctrl(self, request):
+        """
+        Example for rendering the service control panel row
+        You can override the default template and create a
+        custom one if you wish.
+        :param request:
+        :return:
+        """
+        urls = self.Urls()
+        urls.auth_activate = 'auth_activate_ips4'
+        urls.auth_deactivate = 'auth_deactivate_ips4'
+        urls.auth_reset_password = 'auth_reset_ips4_password'
+        urls.auth_set_password = 'auth_set_ips4_password'
+        return render_to_string(self.service_ctrl_template, {
+            'service_name': self.title,
+            'urls': urls,
+            'service_url': self.service_url,
+            'username': request.user.ips4.username if Ips4Tasks.has_account(request.user) else ''
+        }, request=request)
+
+
+@hooks.register('services_hook')
+def register_service():
+    return Ips4Service()

allianceauth/services/modules/ips4/manager.py

@@ -0,0 +1,107 @@
+import logging
+import random
+import string
+import re
+from django.db import connections
+from passlib.hash import bcrypt
+
+logger = logging.getLogger(__name__)
+
+
+class Ips4Manager:
+    SQL_ADD_USER = r"INSERT INTO core_members (name, email, members_pass_hash, members_pass_salt, " \
+                   r"member_group_id) VALUES (%s, %s, %s, %s, %s)"
+    SQL_GET_ID = r"SELECT member_id FROM core_members WHERE name = %s"
+    SQL_UPDATE_PASSWORD = r"UPDATE core_members SET members_pass_hash = %s, members_pass_salt = %s WHERE name = %s"
+    SQL_DEL_USER = r"DELETE FROM core_members WHERE member_id = %s"
+
+    MEMBER_GROUP_ID = 3
+
+    @classmethod
+    def add_user(cls, username, email):
+        logger.debug("Adding new IPS4 user %s" % username)
+        plain_password = cls.__generate_random_pass()
+        hash = cls._gen_pwhash(plain_password)
+        salt = cls._get_salt(hash)
+        group = cls.MEMBER_GROUP_ID
+        cursor = connections['ips4'].cursor()
+        cursor.execute(cls.SQL_ADD_USER, [username, email, hash, salt, group])
+        member_id = cls.get_user_id(username)
+        return username, plain_password, member_id
+
+    @staticmethod
+    def get_user_id(username):
+        cursor = connections['ips4'].cursor()
+        cursor.execute(Ips4Manager.SQL_GET_ID, [username])
+        row = cursor.fetchone()
+        if row is not None:
+            logger.debug("Got user id %s for username %s" % (row[0], username))
+            return row[0]
+        else:
+            logger.error("username %s not found. Unable to determine id." % username)
+            return None
+
+    @staticmethod
+    def __generate_random_pass():
+        return ''.join([random.choice(string.ascii_letters + string.digits) for n in range(16)])
+
+    @staticmethod
+    def _gen_pwhash(password):
+        return bcrypt.using(ident='2y').encrypt(password.encode('utf-8'), rounds=13)
+
+    @staticmethod
+    def _get_salt(pw_hash):
+        search = re.compile(r"^\$2[a-z]?\$([0-9]+)\$(.{22})(.{31})$")
+        match = re.match(search, pw_hash)
+        return match.group(2)
+
+    @staticmethod
+    def delete_user(id):
+        logger.debug("Deleting IPS4 user id %s" % id)
+        try:
+            cursor = connections['ips4'].cursor()
+            cursor.execute(Ips4Manager.SQL_DEL_USER, [id])
+            logger.info("Deleted IPS4 user %s" % id)
+            return True
+        except:
+            logger.exception("Failed to delete IPS4 user id %s" % id)
+            return False
+
+    @classmethod
+    def update_user_password(cls, username):
+        logger.debug("Updating IPS4 user id %s password" % id)
+        if cls.check_user(username):
+            plain_password = Ips4Manager.__generate_random_pass()
+            hash = cls._gen_pwhash(plain_password)
+            salt = cls._get_salt(hash)
+            cursor = connections['ips4'].cursor()
+            cursor.execute(cls.SQL_UPDATE_PASSWORD, [hash, salt, username])
+            return plain_password
+        else:
+            logger.error("Unable to update ips4 user %s password" % username)
+            return ""
+
+    @staticmethod
+    def check_user(username):
+        logger.debug("Checking IPS4 username %s" % username)
+        cursor = connections['ips4'].cursor()
+        cursor.execute(Ips4Manager.SQL_GET_ID, [username])
+        row = cursor.fetchone()
+        if row:
+            logger.debug("Found user %s on IPS4" % username)
+            return True
+        logger.debug("User %s not found on IPS4" % username)
+        return False
+
+    @classmethod
+    def update_custom_password(cls, username, plain_password):
+        logger.debug("Updating IPS4 user id %s password" % id)
+        if cls.check_user(username):
+            hash = cls._gen_pwhash(plain_password)
+            salt = cls._get_salt(hash)
+            cursor = connections['ips4'].cursor()
+            cursor.execute(cls.SQL_UPDATE_PASSWORD, [hash, salt, username])
+            return plain_password
+        else:
+            logger.error("Unable to update ips4 user %s password" % username)
+            return ""

allianceauth/services/modules/ips4/migrations/0001_initial.py

@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.2 on 2016-12-12 03:27
+from __future__ import unicode_literals
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0008_alter_user_username_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Ips4User',
+            fields=[
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='ips4', serialize=False, to=settings.AUTH_USER_MODEL)),
+                ('username', models.CharField(max_length=254)),
+                ('id', models.CharField(max_length=254)),
+            ],
+        ),
+    ]

allianceauth/services/modules/ips4/migrations/0002_service_permissions.py

@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.5 on 2017-02-02 05:59
+from __future__ import unicode_literals
+
+from django.db import migrations
+from django.conf import settings
+from django.core.exceptions import ObjectDoesNotExist
+from django.contrib.auth.management import create_permissions
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def migrate_service_enabled(apps, schema_editor):
+    for app_config in apps.get_app_configs():
+        app_config.models_module = True
+        create_permissions(app_config, apps=apps, verbosity=0)
+        app_config.models_module = None
+        
+    Group = apps.get_model("auth", "Group")
+    Permission = apps.get_model("auth", "Permission")
+    Ips4User = apps.get_model("ips4", "Ips4User")
+
+    perm = Permission.objects.get(codename='access_ips4')
+
+    member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
+    blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
+
+    # Migrate members
+    if Ips4User.objects.filter(user__groups__name=member_group_name).exists() or \
+            getattr(settings, str('ENABLE_AUTH_IPS4'), False):
+        try:
+            group = Group.objects.get(name=member_group_name)
+            group.permissions.add(perm)
+        except ObjectDoesNotExist:
+            logger.warning('Failed to migrate ENABLE_AUTH_IPS4 setting')
+
+    # Migrate blues
+    if Ips4User.objects.filter(user__groups__name=blue_group_name).exists() or \
+            getattr(settings, str('ENABLE_BLUE_IPS4'), False):
+        try:
+            group = Group.objects.get(name=blue_group_name)
+            group.permissions.add(perm)
+        except ObjectDoesNotExist:
+            logger.warning('Failed to migrate ENABLE_BLUE_IPS4 setting')
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('ips4', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='ips4user',
+            options={'permissions': (('access_ips4', 'Can access the IPS4 service'),)},
+        ),
+        migrations.RunPython(migrate_service_enabled),
+    ]

allianceauth/services/modules/ips4/models.py

@@ -0,0 +1,19 @@
+from django.contrib.auth.models import User
+from django.db import models
+
+
+class Ips4User(models.Model):
+    user = models.OneToOneField(User,
+                                primary_key=True,
+                                on_delete=models.CASCADE,
+                                related_name='ips4')
+    username = models.CharField(max_length=254)
+    id = models.CharField(max_length=254)
+
+    def __str__(self):
+        return self.username
+
+    class Meta:
+        permissions = (
+            ("access_ips4", u"Can access the IPS4 service"),
+        )

allianceauth/services/modules/ips4/tasks.py

@@ -0,0 +1,35 @@
+from django.conf import settings
+from django.core.exceptions import ObjectDoesNotExist
+
+from .manager import Ips4Manager
+from .models import Ips4User
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class Ips4Tasks:
+    def __init__(self):
+        pass
+
+    @classmethod
+    def delete_user(cls, user):
+        logging.debug("Attempting to delete IPS4 account for %s" % user)
+        if cls.has_account(user) and Ips4Manager.delete_user(user.ips4.id):
+            user.ips4.delete()
+            logger.info("Successfully deactivated IPS4 for user %s" % user)
+            return True
+        return False
+
+    @staticmethod
+    def has_account(user):
+        try:
+            return user.ips4.id != ''
+        except ObjectDoesNotExist:
+            return False
+
+    @staticmethod
+    def disable():
+        logging.debug("Deleting all IPS4 users")
+        Ips4User.objects.all().delete()

allianceauth/services/modules/ips4/tests.py

@@ -0,0 +1,156 @@
+from unittest import mock
+
+from django.test import TestCase, RequestFactory
+from django import urls
+from django.contrib.auth.models import User, Group, Permission
+from django.core.exceptions import ObjectDoesNotExist
+
+from allianceauth.tests.auth_utils import AuthUtils
+
+from .auth_hooks import Ips4Service
+from .models import Ips4User
+from .tasks import Ips4Tasks
+
+MODULE_PATH = 'allianceauth.services.modules.ips4'
+DEFAULT_AUTH_GROUP = 'Member'
+
+
+def add_permissions():
+    permission = Permission.objects.get(codename='access_ips4')
+    members = Group.objects.get_or_create(name=DEFAULT_AUTH_GROUP)[0]
+    AuthUtils.add_permissions_to_groups([permission], [members])
+
+
+class Ips4HooksTestCase(TestCase):
+    def setUp(self):
+        self.member = 'member_user'
+        member = AuthUtils.create_member(self.member)
+        Ips4User.objects.create(user=member, id='12345', username=self.member)
+        self.none_user = 'none_user'
+        none_user = AuthUtils.create_user(self.none_user)
+        self.service = Ips4Service
+        add_permissions()
+
+    def test_has_account(self):
+        member = User.objects.get(username=self.member)
+        none_user = User.objects.get(username=self.none_user)
+        self.assertTrue(Ips4Tasks.has_account(member))
+        self.assertFalse(Ips4Tasks.has_account(none_user))
+
+    def test_service_enabled(self):
+        service = self.service()
+        member = User.objects.get(username=self.member)
+        none_user = User.objects.get(username=self.none_user)
+
+        self.assertTrue(service.service_active_for_user(member))
+        self.assertFalse(service.service_active_for_user(none_user))
+
+    def test_render_services_ctrl(self):
+        service = self.service()
+        member = User.objects.get(username=self.member)
+        request = RequestFactory().get('/en/services/')
+        request.user = member
+
+        response = service.render_services_ctrl(request)
+        self.assertTemplateUsed(service.service_ctrl_template)
+        self.assertIn(urls.reverse('auth_set_ips4_password'), response)
+        self.assertIn(urls.reverse('auth_reset_ips4_password'), response)
+        self.assertIn(urls.reverse('auth_deactivate_ips4'), response)
+
+        # Test register becomes available
+        member.ips4.delete()
+        member = User.objects.get(username=self.member)
+        request.user = member
+        response = service.render_services_ctrl(request)
+        self.assertIn(urls.reverse('auth_activate_ips4'), response)
+
+
+class Ips4ViewsTestCase(TestCase):
+    def setUp(self):
+        self.member = AuthUtils.create_member('auth_member')
+        self.member.set_password('password')
+        self.member.email = 'auth_member@example.com'
+        self.member.save()
+        AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
+        add_permissions()
+
+    def login(self):
+        self.client.login(username=self.member.username, password='password')
+
+    @mock.patch(MODULE_PATH + '.views.Ips4Manager')
+    def test_activate(self, manager):
+        self.login()
+        expected_username = 'auth_member'
+        expected_password = 'password'
+        expected_id = '1234'
+
+        manager.add_user.return_value = (expected_username, expected_password, expected_id)
+
+        response = self.client.get(urls.reverse('auth_activate_ips4'), follow=False)
+
+        self.assertTrue(manager.add_user.called)
+        args, kwargs = manager.add_user.call_args
+        self.assertEqual(args[0], expected_username)
+        self.assertEqual(args[1], self.member.email)
+
+        self.assertTemplateUsed(response, 'registered/service_credentials.html')
+        self.assertContains(response, expected_username)
+        self.assertContains(response, expected_password)
+
+    @mock.patch(MODULE_PATH + '.tasks.Ips4Manager')
+    def test_deactivate(self, manager):
+        self.login()
+        Ips4User.objects.create(user=self.member, username='12345', id='1234')
+        manager.delete_user.return_value = True
+
+        response = self.client.get(urls.reverse('auth_deactivate_ips4'))
+
+        self.assertTrue(manager.delete_user.called)
+        self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
+        with self.assertRaises(ObjectDoesNotExist):
+            ips4_user = User.objects.get(pk=self.member.pk).ips4
+
+    @mock.patch(MODULE_PATH + '.views.Ips4Manager')
+    def test_set_password(self, manager):
+        self.login()
+        Ips4User.objects.create(user=self.member, username='12345', id='1234')
+        expected_password = 'password'
+        manager.update_user_password.return_value = expected_password
+
+        response = self.client.post(urls.reverse('auth_set_ips4_password'), data={'password': expected_password})
+
+        self.assertTrue(manager.update_custom_password.called)
+        args, kwargs = manager.update_custom_password.call_args
+        self.assertEqual(kwargs['plain_password'], expected_password)
+        self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
+
+    @mock.patch(MODULE_PATH + '.views.Ips4Manager')
+    def test_reset_password(self, manager):
+        self.login()
+        Ips4User.objects.create(user=self.member, username='12345', id='1234')
+
+        response = self.client.get(urls.reverse('auth_reset_ips4_password'))
+
+        self.assertTrue(manager.update_user_password.called)
+        self.assertTemplateUsed(response, 'registered/service_credentials.html')
+
+
+class Ips4ManagerTestCase(TestCase):
+    def setUp(self):
+        from .manager import Ips4Manager
+        self.manager = Ips4Manager
+
+    def test_generate_random_password(self):
+        password = self.manager._Ips4Manager__generate_random_pass()
+
+        self.assertEqual(len(password), 16)
+        self.assertIsInstance(password, type(''))
+
+    def test_gen_pwhash(self):
+        pwhash = self.manager._gen_pwhash('test')
+        salt = self.manager._get_salt(pwhash)
+
+        self.assertIsInstance(pwhash, str)
+        self.assertGreaterEqual(len(pwhash), 59)
+        self.assertIsInstance(salt, str)
+        self.assertEqual(len(salt), 22)

allianceauth/services/modules/ips4/urls.py

@@ -0,0 +1,15 @@
+from django.conf.urls import url, include
+
+from . import views
+
+module_urls = [
+    # IPS4 Service Control
+    url(r'^activate/$', views.activate_ips4, name='auth_activate_ips4'),
+    url(r'^deactivate/$', views.deactivate_ips4, name='auth_deactivate_ips4'),
+    url(r'^reset_password/$', views.reset_ips4_password, name='auth_reset_ips4_password'),
+    url(r'^set_password/$', views.set_ips4_password, name='auth_set_ips4_password'),
+]
+
+urlpatterns = [
+    url(r'^ips4/', include(module_urls))
+]

allianceauth/services/modules/ips4/views.py

@@ -0,0 +1,104 @@
+import logging
+
+from django.contrib import messages
+from django.contrib.auth.decorators import login_required, permission_required
+from django.shortcuts import render, redirect
+
+from allianceauth.services.forms import ServicePasswordForm
+from .manager import Ips4Manager
+from .models import Ips4User
+from .tasks import Ips4Tasks
+
+logger = logging.getLogger(__name__)
+
+ACCESS_PERM = 'ips4.access_ips4'
+
+
+@login_required
+@permission_required(ACCESS_PERM)
+def activate_ips4(request):
+    logger.debug("activate_ips4 called by user %s" % request.user)
+    character = request.user.profile.main_character
+    logger.debug("Adding IPS4 user for user %s with main character %s" % (request.user, character))
+    result = Ips4Manager.add_user(character.character_name, request.user.email)
+    # if empty we failed
+    if result[0] != "" and not Ips4Tasks.has_account(request.user):
+        ips_user = Ips4User.objects.create(user=request.user, id=result[2], username=result[0])
+        logger.debug("Updated authserviceinfo for user %s with IPS4 credentials." % request.user)
+        # update_ips4_groups.delay(request.user.pk)
+        logger.info("Successfully activated IPS4 for user %s" % request.user)
+        messages.success(request, 'Activated IPSuite4 account.')
+        credentials = {
+            'username': result[0],
+            'password': result[1],
+        }
+        return render(request, 'registered/service_credentials.html',
+                      context={'credentials': credentials, 'service': 'IPSuite4'})
+    else:
+        logger.error("Unsuccessful attempt to activate IPS4 for user %s" % request.user)
+        messages.error(request, 'An error occurred while processing your IPSuite4 account.')
+    return redirect("auth_services")
+
+
+@login_required
+@permission_required(ACCESS_PERM)
+def reset_ips4_password(request):
+    logger.debug("reset_ips4_password called by user %s" % request.user)
+    if Ips4Tasks.has_account(request.user):
+        result = Ips4Manager.update_user_password(request.user.ips4.username)
+        # false we failed
+        if result != "":
+            logger.info("Successfully reset IPS4 password for user %s" % request.user)
+            messages.success(request, 'Reset IPSuite4 password.')
+            credentials = {
+                'username': request.user.ips4.username,
+                'password': result,
+            }
+            return render(request, 'registered/service_credentials.html',
+                          context={'credentials': credentials, 'service': 'IPSuite4'})
+
+    logger.error("Unsuccessful attempt to reset IPS4 password for user %s" % request.user)
+    messages.error(request, 'An error occurred while processing your IPSuite4 account.')
+    return redirect("auth_services")
+
+
+@login_required
+@permission_required(ACCESS_PERM)
+def set_ips4_password(request):
+    logger.debug("set_ips4_password called by user %s" % request.user)
+    if request.method == 'POST':
+        logger.debug("Received POST request with form.")
+        form = ServicePasswordForm(request.POST)
+        logger.debug("Form is valid: %s" % form.is_valid())
+        if form.is_valid() and Ips4Tasks.has_account(request.user):
+            password = form.cleaned_data['password']
+            logger.debug("Form contains password of length %s" % len(password))
+            result = Ips4Manager.update_custom_password(request.user.ips4.username, plain_password=password)
+            if result != "":
+                logger.info("Successfully set IPS4 password for user %s" % request.user)
+                messages.success(request, 'Set IPSuite4 password.')
+            else:
+                logger.error("Failed to install custom IPS4 password for user %s" % request.user)
+                messages.error(request, 'An error occurred while processing your IPSuite4 account.')
+            return redirect('auth_services')
+    else:
+        logger.debug("Request is not type POST - providing empty form.")
+        form = ServicePasswordForm()
+
+    logger.debug("Rendering form for user %s" % request.user)
+    context = {'form': form, 'service': 'IPS4'}
+    return render(request, 'registered/service_password.html', context=context)
+
+
+@login_required
+@permission_required(ACCESS_PERM)
+def deactivate_ips4(request):
+    logger.debug("deactivate_ips4 called by user %s" % request.user)
+    if Ips4Tasks.delete_user(request.user):
+        logger.info("Successfully deactivated IPS4 for user %s" % request.user)
+        messages.success(request, 'Deactivated IPSuite4 account.')
+    else:
+        logger.error("Unsuccessful attempt to deactivate IPS4 for user %s" % request.user)
+        messages.error(request, 'An error occurred while processing your IPSuite4 account.')
+    return redirect("auth_services")
+